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DETAILED ACTION 

1 . Claims 4, 1 1 and 15-28 liave been cancelled. 

2. Claims 1-3, 5-10 and 12-14 have been examined. 

3. Responses to Applicant's remarks have been given. 

Continued Examination Under 37 CFR 1.114 
1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 3/6/08 
has been entered. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth In this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1 , 148 
USPQ 459 (1966), that are applied for establishing a background for determining 
obviousness under 35 U.S.C. 103(a) are summarized as follows: 

1 . Determining the scope and contents of the prior art. 

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating 
obviousness or nonobviousness. 
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Claims 1-3, 5-10 and 12-14 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over United States Patent No. 7,127,524 to Renda et al., hereinafter 
Renda and further in view of United States Patent No. 6,516,416 to Gregg et al., 
hereinafter Gregg. 

2. Renda significantly discloses the claimed invention, as cited below. However, 
Renda does not significantly disclose the limitations pertaining to "an electronic 
document" as found within claims 1 and 8. Gregg, however, discloses these limitations, 
as cited below. 

3. Regarding claims 1 and 8, Renda and Gregg disclose a system and a method 
for role-based control of a document processing device comprising: 

means for receiving an electronic document into a document processing device via an 
associated network , the document processing device including means for outputting a 
tangible rendering of electronic documents {Gregg - column 21 , lines 1 1-37, "The initial 
block has the user input URL for copyrighted HTML using a web browser (block 430) 
and the web server sends the copyrighted HTML document (block 432)", "the user 
chooses one of the print, save or cut/copy/paste options" and "the program determines 
whether the copyright level allows print (block 452) which if it does, permits printing 
(block 454)"); 

means for generating a scan file corresponding to a scan of a tangible document bv the 
document processing device {Renda - column 17, lines 33-36, "local services may 
include any device that is not centrally located, including fax servers, scanners, disk 
drives..."): 
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means for receiving, via the associated networl^, document processing instruction data 
corresponding to at least one user-selected document processing operation 
corresponding to at least one of the received electronic document and a received 
tangible document {Gregg - column 21 , lines 1 1 -37, "the web browser window where 
HTML contents are displayed (block 438) and the user chooses one of the print, save or 
cut/copy/paste options (block 440)"); 

means for acquiring, via the associated network, user data representative of an identity 
of a user of a document processing device, which user data is associated with the 
received electronic document {Renda - Figures 3D, 3E and 7, column 4, lines 44-52, 
column 9, lines 45-55, column 23, lines 31-36, "user identifier and password" and lines 
66 and 67, column 24, lines 1-12, column 41, lines 29-59 and column 42, lines 35-42 
and Gregg - column 21 , lines 1 1-37, "The initial block has the user input URL for 
copyrighted HTML using a web browser (block 430) and the web server sends the 
copyrighted HTML document (block 432)"); 

means for prompting the user for login data via an interface associated with the 
document processing device {Renda - Figures 3C, 3D, 3E, 8A and 8B, column 8, lines 

5-14, column 1 3, lines 46-58, column 21 , lines 66 and 67, column 22, lines 1 -7 and 58- 
67, column 23, lines 4-9, 31-36, 66 and 67, column 24, lines 1-12 and 58-64, column 
25, lines 43-67, column 26, lines 1, 2 and 61-67, column 27, lines 1-3 and 52-65, 
column 29, lines 4-17 and column 41, lines 29-53); 

means for receiving login data from the user via the interface {Renda - Figures 3C, 3D, 
3E, 8A and 8B, column 8, lines 5-14, column 13, lines 46-58, column 21, lines 66 and 
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67, column 22, lines 1-7 and 58-67, column 23, lines 4-9, 31-36, 66 and 67, column 24, 
lines 1-12 and 58-64, "authentication server may use as part of the authentication 
process, for example, by only allowing a user to log in via a device with that MAC 
address", column 25, lines 43-67, column 26, lines 1,2 and 61-67, column 27, lines 1-3 
and 52-65, column 29, lines 4-17 and column 41 , lines 29-53); 
means for receiving device access data representative of device access privileges 
associated with each of a plurality of users {Renda - column 7, lines 63-67, column 8, 
lines 1-18, "master access controller 222 may store the privileges for all users and 
provide them to such access controller once authentication server 224 authenticates the 
user" and lines 48-64, column 9, lines 34-55, column 17, lines 33-53, "When 
communications to the generic IP address are received by privileges manager 273, it 
will redirect the communications to the appropriate destination such as the nearest 
printer that can handle the local service requested", column 18 and lines 1 1-23, column 
22, lines 1-28, column 23, lines 66 and 67, column 24, lines 1-12 and 58-64, 
"authentication server may use as part of the authentication process, for example, by 
only allowing a user to log in via a device with that MAC address", column 25, lines 3- 
16, column 27, lines 52-67, column 28, lines 1-20 and 41-60, "privileges record", column 
29, lines 4-1 7, column 31 , lines 52-67); 

comparison means for comparing user data and login data with the device access data 
(column 23, lines 31-36 and 46-51 and column 41, lines 54-66); 
means for associating login data with at least one preselected user role in accordance 
with an output of the comparison means {Renda - Figures 3C, 3D, 3E, 8A and 8B, 
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column 8, lines 5-14, column 13, lines 46-58, column 21, lines 66 and 67, column 22, 
lines 1-7 and 58-67, column 23, lines 4-9, 31-36, 66 and 67, column 24, lines 1-12 and 
58-64, "authentication server may use as part of the authentication process, for 
example, by only allowing a user to log in via a device with that MAC address", column 
25, lines 43-67, column 26, lines 1, 2 and 61-67, column 27, lines 1-3 and 52-65, 
column 29, lines 4-17 and column 41, lines 29-53); 

means for retrieving a permission matrix template specifying allowable usage options of 
the data processing device associated with each of the plurality of user roles {Renda - 
column 7, lines 63-67, column 8, lines 1-18, "master access controller 222 may store 
the privileges for all users and provide them to such access controller once 
authentication server 224 authenticates the user" and lines 48-64, column 9, lines 34- 
55, column 17, lines 33-53, "When communications to the generic IP address are 
received by privileges manager 273, it will redirect the communications to the 
appropriate destination such as the nearest printer that can handle the local service 
requested"); 

means for generating permission matrix data in accordance with the at least one 
preselected user role and retrieved permission matrix template, the permission matrix 
data including data representative of allowable usage options of the document 
processing device from a plurality thereof by a user associated with the user data 
{Renda - column 3, lines 60-67, column 4, lines 1-9, column 7, lines 63-67, column 8, 
lines 1-18, "master access controller 222 may store the privileges for all users and 
provide them to such access controller once authentication server 224 authenticates the 
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user" and lines 48-64, column 9, lines 34-55, column 17, lines 33-53, "When 
communications to the generic IP address are received by privileges manager 273, it 
will redirect the communications to the appropriate destination such as the nearest 
printer that can handle the local service requested", column 18 and lines 1 1-23); 
means for communicating the permission matrix data to the document processing 
device to allow for control thereof (column 3, lines 60-67, column 4, lines 1-9 and 40-52, 
column 17, lines 33-53, "Although printers are described herein, local services may 
include any device that is not centrally located, including fax servers, scanners, disk 
drives and web pages such as those of an intranet" and "When communications to the 
generic IP address are received by privileges manager 273, it will redirect the 
communications to the appropriate destination such as the nearest printer that can 
handle the local service requested" and column 43, lines 35-40); 
means for storing the permission matrix on a data storage associated with a controller 
of the document processing device {Renda - Figures 2B and 3A (elements 314 and 316 
- "privs local?" and if "yes" then "determine action from privileges"), column 10, lines 37- 
53, "identifies whether a privileges record for a device having the MAC address is stored 
locally in access controller 220" and "If the privileges are located in local privileges 
storage 275, privileges manager 273 will retrieve the privileges and identify the action 
associated with the target in the frame" and column 18, lines 3-23); 
means for limiting operation of the document processing device to a subset of available 
document processing operations in accordance with the stored permission matrix 
{Renda - Figures 2B and 3A (elements 314 and 316 - "privs local?" and if "yes" then 
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"determine action from privileges"), column 10, lines 37-53, "identifies whether a 
privileges record for a device having the MAC address is stored locally in access 
controller 220" and "If the privileges are located in local privileges storage 275, 
privileges manager 273 will retrieve the privileges and identify the action associated with 
the target in the frame" and column 18, lines 3-23). 

4. Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the teachings of Gregg within the system 
and method of Renda in order to present "an access system that provides secure 
access through either a one factor (conventional user name and password) or two factor 
authentication (using an optional hardware access key with a unique digital ID), thus 
enabling a superior and effective subscriber authentication which only allows registered 
subscribers to access protected contents and subscriber authorization which 
determines the subscriber's access level within a protected site" {Gregg - column 1 , 
lines 58-67). 

5. Regarding claims 2 and 9, Renda discloses wherein the permission matrix data 
includes selected permissions associated with at least one of printing, copying, faxing 
and scanning (column 4, lines 40-52, column 17, lines 33-53, "Although printers are 
described herein, local services may include any device that is not centrally located, 
including fax servers, scanners, disk drives and web pages such as those of an intranet" 
and "When communications to the generic IP address are received by privileges 
manager 273, it will redirect the communications to the appropriate destination such as 
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the nearest printer that can handle the local service requested" and column 43, lines 35- 
40). 

6. Regarding claims 3 and 10, Renda discloses wherein the permission matrix data 
includes data allowing access to all available functions when the user data is 
representative of an administrative mode (column 4, lines 44-52, "preconfigured by a 
system administrator", column 7, lines 63-67, column 8, lines 1, 2 and 48-58, column 9, 
lines 1-55, "a system administrator can define the privileges of a class of users and 
assign a user to the class", column 16, lines 57-67, column 17, lines 1 and 2, "A local 
device is a device or other destination that is defined by a system administrator via 
master controller 222 and transmitted to local services manager 297 as being nearby, or 
mostly nearby among the other devices on the network in the same class (e.g., printer, 
scanner, fax, server, disk drive, etc.), to the network access point 230-234 being served 
by the access controller 220.", column 21, lines 24-27 and column 28, lines 21-31). 

7. Regarding claims 5 and 12, Renda discloses wherein the user data 
representative of the identity of a user comprise at least one of user name and user 
password (Figures 3D and 3E, column 4, lines 44-52, column 9, lines 45-55, column 23, 
lines 31-36, "user identifier and password" and column 41, lines 29-59, "if the user 
indicates that he or she is a guest, the username and password are both treated as if 
the user had typed, 'guest'"). 

8. Regarding claims 6 and 13, Renda discloses means for transmitting acquired 
user data to an authentication server (column 7, lines 63-67, column 8, lines 1-14 and 
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48-58, column 9, lines 45-55, column 24, lines 50-57, column 27, lines 52-65 and 
column 29, lines 4-17); 

means for transmitting device access data to the authentication server (column 10, lines 
37-43 and column 24, lines 58-67); 

wherein the authentication server compares the user data with the device access data 
to generate the permission data matrix (column 3, lines 60-67, column 4, lines 1-9, 
column 7, lines 63-67, column 8, lines 1-18, "master access controller 222 may store 
the privileges for all users and provide them to such access controller once 
authentication server 224 authenticates the user" and lines 48-64, column 9, lines 34- 
55, column 17, lines 33-53, "When communications to the generic IP address are 
received by privileges manager 273, it will redirect the communications to the 
appropriate destination such as the nearest printer that can handle the local service 
requested", column 18 and lines 11-23). 

9. Regarding claims 7 and 14, Renda discloses wherein the user data and the 
device access data are stored in an associated database (column 3, lines 60-67, 
column 4, line 1, column 7, lines 63-67, column 8, lines 1-14 and 48-58, column 9, lines 
45-55, column 24, lines 50-57, column 27, lines 52-65, column 29, lines 4-17 and 
column 36, lines 31-50). 

[Servers are capable of storing data in an organized manner, thus the servers (as 
disclosed by Renda) sufficiently disclose the claimed invention as claimed within 
claims 7 and 14.] 
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Response to Arguments 

10. Claim 1 is rendered non-compliant due to the new claim limitation, "means for 
limiting operation of the document processing device to a subset of available document 
processing operations in accordance with the stored permission matrix" not being 
underlined to indicate that it is a new claim limitation. Appropriate correction is required. 

1 1 . Applicant's arguments, see page 6, filed 3/06/08, with respect to the objections to 
claims 1 and 6 have been fully considered and are persuasive. The objections to claims 
1 and 6 have been withdrawn. 

12. Applicant's arguments filed 3/06/08 have been fully considered but they are not 
persuasive. With regards to the limitation of, "the document processing device including 
means for outputting a tangible rendering of electronic documents", the Examiner 
maintains the above-cited grounds of rejection, in particular but not limited to Gregg - 
column 21 , lines 1 1-37, "the user chooses one of the print, save or cut/copy/paste 
options" and "the program determines whether the copyright level allows print (block 
452) which if it does, permits printing (block 454)". The claim language "outputting a 
tangible rendering" is broadly interpreted by the Examiner to pertain to, inter alia, the 
printing of the "copyrighted HTML document" as disclosed by Gregg. 

13. Regarding the limitations of, "means for storing the permission matrix on a data 
storage associated with a controller of the document processing device" and "means for 
limiting operation of the document processing device to a subset of available document 
processing operations in accordance with the stored permission matrix", the Examiner 
upholds the grounds of rejection, in particular but not limited to Renda - Figures 2B and 
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3A (elements 314 and 316 - "privs local?" and if "yes" then "determine action from 
privileges"), column 10, lines 37-53, "identifies whether a privileges record for a device 
having the MAC address is stored locally in access controller 220" and "If the privileges 
are located in local privileges storage 275, privileges manager 273 will retrieve the 
privileges and identify the action associated with the target in the frame" and column 18, 
lines 3-23. 

Conclusion 

14. The prior art made of record and not relied upon is considered pertinent to 

applicant's disclosure. 

1 5. The following United States Patents and Patent Application Publications are cited 
to further show the state of the art with respect to access control, such as: 

United States Patent No. 7,155,616 to Hamlin which is cited to show a computer 
network comprising network authentication facilities implemented in a disk drive. 

United States Patent No. 6,487,583 to Harvey et al., which is cited to show a 
system and method for information and application distribution. 

United States Patent No. 5,757,916 to MacDoran et al., which is cited to show a 
method and apparatus for authenticating the location of remote users of networked 
computing systems. 

United States Patent Application Publication No. US 2003/0046586 to 
Bheemarasetti, et al., which is cited to show secure remote access to data between 
peers. 
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United States Patent Application Publication No. US 2003/0093298 to 
Hernandez, et al., which is cited to show a system and method for providing secure 
remote access to patient files by authenticating personnel with biometric data. 

United States Patent No. 5,923,756 to Shambroom which is cited to show a 
method for providing secure remote command execution over an insecure computer 
network. 

United States Patent No. 6,671,818 to Mikurak, which is cited to show problem 
isolation through translating and filtering events into a standard object format in a 
network based supply chain. 

United States Patent No. 7,062,781 to Shambroom which is cited to show a 
method for providing simultaneous parallel secure command execution on multiple 
remote hosts. 

16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to JEREMIAH AVERY whose telephone number is 
(571)272-8627. The examiner can normally be reached on Monday thru Friday 8:30am- 
5pm. 

1 7. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 ) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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18. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Jeremiah Avery/ 
Examiner, Art Unit 2131 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



